- From: misi via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Jun 2016 15:36:28 +0000
- To: public-webrtc@w3.org
misi has just created a new issue for https://github.com/w3c/webrtc-pc:

== STUN/TURN OAuth token auth parameter handover. ==

I think there is a confusion between the current PeerConnection W3C API and RFC7635 in STUN/TURN auth credentials/parameters handover...

https://tools.ietf.org/html/rfc7635#appendix-B

```javascript
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{
  "access_token":
"U2FsdGVkX18qJK/kkWmRcnfHglrVTJSpS6yU32kmHmOrfGyI3m1gQj1jRPsr0uBb
HctuycAgsfRX7nJW2BdukGyKMXSiNGNnBzigkAofP6+Z3vkJ1Q5pWbfSRroOkWBn",
  "token_type":"pop",
  "expires_in":1800,
  "kid":"22BIjxU93h/IgwEb",
  "key":"v51N62OM65kyMvfTI08O"
  "alg":HMAC-SHA-256-128
}
```

Figure 8: Response

Here below I have highlighted the three mandatory parameters that need to be passed to the ICE Agent:

* "access_token":
* "kid":
* "key":

So we need to pass at least these 3 values to the ICE Agent in the browser through the PeerConnection iceServers configuration interface.

So according to RFC 7635:

* The key id (kid). (That is used like a username in Long Term Credential Auth.)

And it has two other "credential" information pieces that are needed to auth on the remote TURN server:

* the Session Key (Message Integrity, HMAC key). (That is used like a password in Long Term Credential Auth.)
* the Access Token (self-contained token, e.g. Authenticated-Encryption with Associated-Data (AEAD) encrypted token.)

In figure 8 it is the key:

See: https://w3c.github.io/webrtc-pc/#idl-def-rtciceserver

So in WebIDL I could find only one DOMString for Credential.

```
dictionary RTCIceServer {
    required (DOMString or sequence<DOMString>) urls;
    DOMString username;
    DOMString credential;
    RTCIceCredentialType credentialType = "password";
};
```

And furthermore, this credential field normally, in case of "password" auth (Long Term Credential), contains the Session Key (Message Integrity, HMAC key).

I am wondering what is the right way to pass the access token, the third value? How to pass the 3 pieces of information in 2 fields, username/credential?

I propose to add a third field for the access_token, or add clarification in W3C PeerConnection.

The actual W3C webrtc-pc says that the access_token needs to be passed as credential:
https://w3c.github.io/webrtc-pc/#rtcicecredentialtype-enum
"The credential is an access token"

Any comment is highly appreciated!

Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/714 using your GitHub account
Received on Friday, 24 June 2016 15:36:33 UTC